-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mbedtls: ramdom can use havege if enabled. #1227
Conversation
b957d5e
to
cb34e4c
Compare
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); | ||
#endif /* MBEDTLS_ERROR_C */ | ||
failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s\n", | ||
-ret, errorbuf); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't it also return an error here?
You tell me! Should it be saved? When the 'data' pointer is provided, it could be stored in that struct. |
@@ -729,6 +729,56 @@ size_t Curl_mbedtls_version(char *buffer, size_t size) | |||
(version>>16)&0xff, (version>>8)&0xff); | |||
} | |||
|
|||
int Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, | |||
size_t length) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is better declared to return CURLcode
rather than int.
The question was, do I privilege cpu time (struct on data), or mem (struct on cstack). |
Yeah, this function is not used a lot nor in any high performance situation so I think that's totally fine. |
Thanks! |
I didn't succeed to write a "proper" CTR-DRBG random generator. So let's begin with havege 👍
Anyway, should I save mbedtls_havege_state somewhere ?